Tower Records Suffers Massive Data Spill

This site may earn affiliate commissions from the links on this page. Terms of use.

Tower Records, a well known chain of record shops that does business in the US and the UK, recently suffered an embarrassing information leak due to amateurish Web programming. A Windows “Active Server Page” script, which allowed customers to check the status of their orders by entering their order numbers, was written so that it required no other identification from the user than the order numbers themselves — which were assigned in sequence. Simply modifying a URL to contain an order number one greater or one less than that assigned to your own order would show you another customer’s information. E-mail addresses, street addresses, phone numbers, and order information dating back to 1996 were exposed.

This site may earn affiliate commissions from the links on this page. Terms of use.

ExtremeTech Newsletter

Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.

Email

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our
Terms of Use and
Privacy Policy. You may unsubscribe from the newsletter at any time.